IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Added sanitizer to help text

Browse Source
This commit is contained in:
utkarshcmu 2016-12-06 05:24:03 -08:00
parent 034d84354e
commit 13f0b32a8f
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
public/app/features/panel/panel_menu.js
View File

@ -9,7 +9,7 @@ function (angular, $, _, Tether) {
angular
.module('grafana.directives')
.directive('panelMenu', function($compile, linkSrv) {
.directive('panelMenu', function($sanitize, $compile, linkSrv) {
var linkTemplate =
'<span class="panel-title drag-handle pointer">' +
'<span class="icon-gf panel-alert-icon"></span>' +
@ -19,6 +19,16 @@ function (angular, $, _, Tether) {
'<span class="panel-time-info" ng-show="ctrl.timeInfo"><i class="fa fa-clock-o"></i> {{ctrl.timeInfo}}</span>' +
'</span>';
function sanitizeString(str) {
try {
return $sanitize(str);
}
catch(err) {
console.log('Could not sanitize annotation string, html escaping instead');
return _.escape(str);
}
}
function createExternalLinkMenu(ctrl) {
var template = '<div class="panel-menu small">';
template += '<div class="panel-menu-row">';
@ -79,6 +89,7 @@ function (angular, $, _, Tether) {
var $link = $(linkTemplate);
var $panelLinksBtn = $link.find(".panel-links-btn");
var $panelContainer = elem.parents(".panel-container");
var $panelHelpDrop = $link.find(".panel-help-text");
var menuScope = null;
var ctrl = $scope.ctrl;
var timeout = null;
@ -93,6 +104,12 @@ function (angular, $, _, Tether) {
$panelLinksBtn.css({display: showIcon ? 'inline' : 'none'});
});
$scope.$watch('ctrl.panel.helpText', function(helpText) {
helpText = sanitizeString(helpText);
var showIcon = (helpText ? helpText.length > 0 : false) && ctrl.panel.title !== '';
$panelHelpDrop.css({display: showIcon ? 'inline' : 'none'});
});
function dismiss(time, force) {
clearTimeout(timeout);
timeout = null;